G06F3/0622

Identifying and responding to a side-channel security threat

A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

Live migration of virtual devices in a scalable input/output (I/O) virtualization (S-IOV) architecture

Examples include a method of live migrating a virtual device by creating a virtual device in a virtual machine, creating first and second interfaces for the virtual device, transferring data over the first interface, detecting a disconnection of the virtual device from the virtual machine, switching data transfers for the virtual device from the first interface to the second interface, detecting a reconnection of the virtual device to the virtual machine, and switching data transfers for the virtual device from the second interface to the first interface.

Automatic derivation of repository access data based on symbolic configuration
11552847 · 2023-01-10

In an embodiment, a data processing method comprises detecting an approval of a change to an electronic configuration document that symbolically identifies one or more configurations of users, groups, and/or permissions relating to access to computer program artifacts that are stored in a first repository of a geographically distributed, replicated artifact repository system; the artifact repository system comprising one or more second repositories that are geographically remote with respect to the first repository and which replicate the first repository; in response to the detecting: obtaining the electronic configuration document and deriving, based on the electronic configuration document, a plurality of regional repository settings values for users, groups, and/or permissions relating to access to the computer program artifacts and for the one or more second repositories; transmitting the one or more settings values to the one or more second repositories and causing injection of the one or more settings values into one or more repository configuration settings of the second repositories.

Identifying and preventing invalid memory access

Methods, computer readable media, and devices for identifying and preventing invalid memory access. A method may include defining a dynamic scope for an operation, receiving a request to allocate a portion of the range of shared memory, allocating a monotonically increasing portion of the range of shared memory such that a subsequent request to allocate memory is allocated a different portion of the range of shared memory, receiving a request to deallocate the allocated portion of the range of shared memory, deallocating the allocated portion of the range of shared memory by protecting the deallocated portion of the range of shared memory from any subsequent access, and in response to an access of the protected deallocated portion of the range of shared memory by one of the one or more threads or processes of the operation, trapping and terminating the one thread or process.

PMEM cache RDMA security

Techniques are described for providing one or more clients with direct access to cached data blocks within a persistent memory cache on a storage server. In an embodiment, a storage server maintains a persistent memory cache comprising a plurality of cache lines, each of which represents an allocation unit of block-based storage. The storage server maintains an RDMA table that includes a plurality of table entries, each of which maps a respective client to one or more cache lines and a remote access key. An RDMA access request to access a particular cache line is received from a storage server client. The storage server identifies access credentials for the client and determines whether the client has permission to perform the RDMA access on the particular cache line. Upon determining that the client has permission, the cache line is accessed from the persistent memory cache and sent to the storage server client.

Protection of objects in an object store from deletion or overwriting

An illustrative method includes an object retention management system establishing a retention policy for a bucket of an object-based storage system, detecting an operation that causes an object to be stored within the bucket, and applying, based on the detecting of the operation, the retention policy to the object, the retention policy preventing the object from being deleted or overwritten for a predefined time duration.

Composable edge device platforms

Techniques discussed herein relate to providing composable edge devices. In some embodiments, a user request specifying a set of services to be executed at a cloud-computing edge device may be received by a computing device operated by a cloud computing provider. A manifest may be generated in accordance with the user request. The manifest may specify a configuration for the cloud-computing edge device. Another request can be received specifying the same or a different set of services to be executed at another edge device. Another manifest which specifies the configuration for that edge device may be generated and subsequently used to provision the requested set of services on that device. In this manner, manifests can be used to compose the platform to be utilized at any given edge device.

Data processing method and apparatus

Embodiments relate to the field of storage technologies. The method is applied to a flash device whose first physical storage space stores a data block at a first security level and a data block at a second security level and whose second physical storage space stores a data block at a second security level. The method includes: receiving a data write request used to request to write target data, and obtaining a security level of the target data; and writing the target data into the first physical storage space if the security level of the target data is the first security level; or writing the target data into the second physical storage space or writing the target data into the second physical storage space and the first physical storage space if the security level of the target data is the second security level.

Memory system
11593285 · 2023-02-28

A memory system includes a memory device, a memory controller configured to control the memory device, and an interface device configured to perform an interfacing operation for transmission of a control signal and data between the memory device and the memory controller. The interface device activates a blocking function for the interfacing operation in response to a configuration command of the memory controller including a blocking activation signal and performs an interface configuration operation in response to an interface configuration command of the memory controller while the blocking function is activated.

Method for performing multiple enrollments of a physically uncloneable function

A data processing system having a PUF and a method for providing multiple enrollments, or instantiations, of the PUF are provided. A PUF segment includes a plurality of SRAM cells on an integrated circuit. A PUF response from the PUF segment is used to create a first activation code and a first PUF key. A second PUF key may be created from the PUF response. Initially, during a second enrollment, the PUF response is combined with the first activation code to reproduce a codeword. The first secret string is reconstructed by encoding the codeword. The codeword is combined with the first activation code to reproduce the PUF response. Inverse anti-aging is applied to the PUF response. Then a second secret string is generated using a random number generator (RNG). The second secret string is encoded to produce a new codeword. The new codeword is combined with the recovered PUF response to create a second activation code. The second activation code is hashed with the second secret string to provide a second PUF key.